nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

Brits: Can banks do biometric security? We'd trust them before the government

Is that saying much, though?

By John Leyden, 19 Sep 2016

Brits have more faith in their banks than government agencies to roll out authentication technologies based on biometrics, according to a new survey from Visa.

Consumers are nearly twice as likely to trust banks to store and keep their biometric information such as fingerprints and iris scans safe (60 per cent), than they are to trust government agencies (33 per cent).

Nearly two-thirds of consumers (64 per cent) want to use biometrics as a method of payment authentication. The growth in fingerprint authentication for mobile payments via Apple’s Touch ID technology and the like is driving increased acceptance of the technology.

Consumers favour fingerprint authentication (88 per cent) as the most secure form of payment ahead of other biometric authentication options such as iris-scanning (83 per cent) and facial recognition (65 per cent).

When asked whom they would trust to offer biometrics authentication as a service to confirm identity, the largest percentage selected banks (85 per cent) and payment networks (81 per cent) ahead of global online brands (70 per cent), and smartphone companies (64 per cent). This level of trust in banks has grown significantly in the past two years, up by 20 percentage points from 65 per cent in 2014, when the Visa Biometric Payments study was first conducted. Only one in three thought government agencies could look after the data and do the job properly.

“Visa is already supporting a number of institutions in the development of emerging forms of authentication,” said Kevin Jenkins, UK & Ireland managing director at Visa. “We will continue our role as an enabler of payments and will remain tech agnostic when working with banking partners to ensure that new and emerging forms of payment authentication take place securely, conveniently and discreetly.”

Robert Capps, VP of business development at NuData Security, warned that physical biometrics such as fingerprints, selfies and voice authentication are far from foolproof.

“Unlike passwords, physical biometrics can’t be changed. It’s the lasting and permanent nature of physical biometric data that may have more negative impacts than passwords since, as in the OPM Breach, once these have been released into the wild, they pose a risk for the lifetime of the victim who can do nothing to change this core data,” Capps cautioned.

Loss of fingerprint data is not just a theoretical concern, as several large breaches over the last couple of years have exposed fingerprint data en-masse. As stolen data is often traded and consolidated into larger, more accurate profiles that can be re-used for a number of nefarious purposes from espionage, to identity theft, and financial fraud. Selfies and voice biometrics have contextual issues, like, it may not always be appropriate to take a selfie or provide a voice sample to authorise an online transaction,” he added. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing